Skip to content

Commit a8ed0d8

Browse files
BridgeARBridgeAR
authored
test: rewrite assertion to use Node.js assert (#6999)
Most changes are done with a script with additional linting and manual fixes.
1 parent 083a15e commit a8ed0d8

File tree

372 files changed

+5800
-5564
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

372 files changed

+5800
-5564
lines changed

integration-tests/aiguard/index.spec.js

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,12 @@
33
const assert = require('node:assert/strict')
44
const path = require('path')
55

6-
const { expect } = require('chai')
76
const { after, afterEach, before, beforeEach, describe, it } = require('mocha')
87

98
const { sandboxCwd, useSandbox, FakeAgent, spawnProc } = require('../helpers')
109
const startApiMock = require('./api-mock')
1110
const { executeRequest } = require('./util')
11+
const { assertObjectContains } = require('../helpers')
1212

1313
describe('AIGuard SDK integration tests', () => {
1414
let cwd, appFile, agent, proc, api, url
@@ -63,11 +63,11 @@ describe('AIGuard SDK integration tests', () => {
6363
const response = await executeRequest(`${url}${endpoint}`, 'GET', headers)
6464
if (blocking && action !== 'ALLOW') {
6565
assert.strictEqual(response.status, 403)
66-
expect(response.body).to.contain(reason)
66+
assertObjectContains(response.body, reason)
6767
} else {
6868
assert.strictEqual(response.status, 200)
69-
expect(response.body).to.have.nested.property('action', action)
70-
expect(response.body).to.have.nested.property('reason', reason)
69+
assert.strictEqual(response.body?.action, action)
70+
assert.strictEqual(response.body?.reason, reason)
7171
}
7272
await agent.assertMessageReceived(({ headers, payload }) => {
7373
const span = payload[0].find(span => span.name === 'ai_guard')

integration-tests/appsec/data-collection.spec.js

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
'use strict'
22

3-
const { assert } = require('chai')
3+
const assert = require('node:assert/strict')
44
const path = require('path')
55
const Axios = require('axios')
66

@@ -55,7 +55,7 @@ describe('ASM Data collection', () => {
5555
requestHeaders.length
5656
)
5757
requestHeaders.forEach((headerName) => {
58-
assert.property(payload[0][0].meta, `http.request.headers.${headerName}`)
58+
assert.ok(Object.hasOwn(payload[0][0].meta, `http.request.headers.${headerName}`))
5959
})
6060

6161
// Response headers
@@ -64,7 +64,7 @@ describe('ASM Data collection', () => {
6464
responseHeaders.length
6565
)
6666
responseHeaders.forEach((headerName) => {
67-
assert.property(payload[0][0].meta, `http.response.headers.${headerName}`)
67+
assert.ok(Object.hasOwn(payload[0][0].meta, `http.response.headers.${headerName}`))
6868
})
6969
})
7070
}

integration-tests/appsec/graphql.spec.js

Lines changed: 15 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
'use strict'
22

3-
const { assert } = require('chai')
3+
const assert = require('node:assert/strict')
44
const path = require('path')
55
const axios = require('axios')
66

@@ -38,15 +38,15 @@ describe('graphql', () => {
3838

3939
it('should not report any attack', async () => {
4040
const agentPromise = agent.assertMessageReceived(({ headers, payload }) => {
41-
assert.propertyVal(headers, 'host', `127.0.0.1:${agent.port}`)
42-
assert.isArray(payload)
41+
assert.strictEqual(headers.host, `127.0.0.1:${agent.port}`)
42+
assert.ok(Array.isArray(payload))
4343
assert.strictEqual(payload.length, 2)
4444
// Apollo server 5 is using Node.js http server instead of express
45-
assert.propertyVal(payload[1][0], 'name', 'web.request')
46-
assert.propertyVal(payload[1][0].metrics, '_dd.appsec.enabled', 1)
47-
assert.property(payload[1][0].metrics, '_dd.appsec.waf.duration')
48-
assert.notProperty(payload[1][0].meta, '_dd.appsec.event')
49-
assert.notProperty(payload[1][0].meta, '_dd.appsec.json')
45+
assert.strictEqual(payload[1][0].name, 'web.request')
46+
assert.strictEqual(payload[1][0].metrics['_dd.appsec.enabled'], 1)
47+
assert.ok(Object.hasOwn(payload[1][0].metrics, '_dd.appsec.waf.duration'))
48+
assert.ok(!('_dd.appsec.event' in payload[1][0].meta))
49+
assert.ok(!('_dd.appsec.json' in payload[1][0].meta))
5050
})
5151

5252
await axios({
@@ -100,15 +100,15 @@ describe('graphql', () => {
100100
}
101101

102102
const agentPromise = agent.assertMessageReceived(({ headers, payload }) => {
103-
assert.propertyVal(headers, 'host', `127.0.0.1:${agent.port}`)
104-
assert.isArray(payload)
103+
assert.strictEqual(headers.host, `127.0.0.1:${agent.port}`)
104+
assert.ok(Array.isArray(payload))
105105
assert.strictEqual(payload.length, 2)
106106
// Apollo server 5 is using Node.js http server instead of express
107-
assert.propertyVal(payload[1][0], 'name', 'web.request')
108-
assert.propertyVal(payload[1][0].metrics, '_dd.appsec.enabled', 1)
109-
assert.property(payload[1][0].metrics, '_dd.appsec.waf.duration')
110-
assert.propertyVal(payload[1][0].meta, 'appsec.event', 'true')
111-
assert.property(payload[1][0].meta, '_dd.appsec.json')
107+
assert.strictEqual(payload[1][0].name, 'web.request')
108+
assert.strictEqual(payload[1][0].metrics['_dd.appsec.enabled'], 1)
109+
assert.ok(Object.hasOwn(payload[1][0].metrics, '_dd.appsec.waf.duration'))
110+
assert.strictEqual(payload[1][0].meta['appsec.event'], 'true')
111+
assert.ok(Object.hasOwn(payload[1][0].meta, '_dd.appsec.json'))
112112
assert.deepStrictEqual(JSON.parse(payload[1][0].meta['_dd.appsec.json']), result)
113113
})
114114

integration-tests/appsec/iast-esbuild.spec.js

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
11
'use strict'
22

3+
const assert = require('node:assert/strict')
4+
35
const Axios = require('axios')
4-
const { assert } = require('chai')
56
const childProcess = require('child_process')
67
const fs = require('fs')
78
const path = require('path')
@@ -34,7 +35,7 @@ describe('esbuild support for IAST', () => {
3435
return agent.assertMessageReceived(({ payload }) => {
3536
const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
3637
spans.forEach(span => {
37-
assert.property(span.meta, '_dd.iast.json')
38+
assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
3839
const spanIastData = JSON.parse(span.meta['_dd.iast.json'])
3940
assert.strictEqual(spanIastData.vulnerabilities[0].type, 'COMMAND_INJECTION')
4041
assert.strictEqual(spanIastData.vulnerabilities[0].location.path, expectedPath)
@@ -43,8 +44,8 @@ describe('esbuild support for IAST', () => {
4344
}
4445

4546
const ddStack = msgpack.decode(span.meta_struct['_dd.stack'])
46-
assert.property(ddStack.vulnerability[0], 'frames')
47-
assert.isNotEmpty(ddStack.vulnerability[0].frames)
47+
assert.ok(Object.hasOwn(ddStack.vulnerability[0], 'frames'))
48+
assert.ok(ddStack.vulnerability[0].frames.length > 0)
4849
})
4950
}, null, 1, true)
5051
}
@@ -53,7 +54,7 @@ describe('esbuild support for IAST', () => {
5354
return agent.assertMessageReceived(({ payload }) => {
5455
const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
5556
spans.forEach(span => {
56-
assert.notProperty(span.meta, '_dd.iast.json')
57+
assert.ok(!('_dd.iast.json' in span.meta))
5758
})
5859
}, null, 1, true)
5960
}

integration-tests/appsec/iast-stack-traces-with-sourcemaps.spec.js

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,11 @@
11
'use strict'
22

3+
const assert = require('node:assert/strict')
4+
35
const { sandboxCwd, useSandbox, spawnProc, FakeAgent } = require('../helpers')
46
const childProcess = require('child_process')
57
const path = require('path')
68
const Axios = require('axios')
7-
const { assert } = require('chai')
8-
99
describe('IAST stack traces and vulnerabilities with sourcemaps', () => {
1010
let axios, cwd, appDir, appFile, agent, proc
1111

@@ -49,13 +49,13 @@ describe('IAST stack traces and vulnerabilities with sourcemaps', () => {
4949
it('should detect correct stack trace in unnamed function', async () => {
5050
const response = await axios.get('/rewritten/stack-trace-from-unnamed-function')
5151

52-
assert.include(response.data, '/rewritten-routes.ts:7:13')
52+
assert.match(response.data, /\/rewritten-routes\.ts:7:13/)
5353
})
5454

5555
it('should detect correct stack trace in named function', async () => {
5656
const response = await axios.get('/rewritten/stack-trace-from-named-function')
5757

58-
assert.include(response.data, '/rewritten-routes.ts:11:13')
58+
assert.match(response.data, /\/rewritten-routes\.ts:11:13/)
5959
})
6060

6161
it('should detect vulnerability in the correct location', async () => {
@@ -64,14 +64,14 @@ describe('IAST stack traces and vulnerabilities with sourcemaps', () => {
6464
await agent.assertMessageReceived(({ payload }) => {
6565
const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
6666
spans.forEach(span => {
67-
assert.property(span.meta, '_dd.iast.json')
67+
assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
6868
const iastJsonObject = JSON.parse(span.meta['_dd.iast.json'])
6969

70-
assert.isTrue(iastJsonObject.vulnerabilities.some(vulnerability => {
70+
assert.strictEqual(iastJsonObject.vulnerabilities.some(vulnerability => {
7171
return vulnerability.type === 'WEAK_HASH' &&
7272
vulnerability.location.path === 'appsec/iast-stack-traces-ts-with-sourcemaps/rewritten-routes.ts' &&
7373
vulnerability.location.line === 15
74-
}))
74+
}), true)
7575
})
7676
}, null, 1, true)
7777
})
@@ -81,13 +81,13 @@ describe('IAST stack traces and vulnerabilities with sourcemaps', () => {
8181
it('should detect correct stack trace in unnamed function', async () => {
8282
const response = await axios.get('/not-rewritten/stack-trace-from-unnamed-function')
8383

84-
assert.include(response.data, '/not-rewritten-routes.ts:7:13')
84+
assert.match(response.data, /\/not-rewritten-routes\.ts:7:13/)
8585
})
8686

8787
it('should detect correct stack trace in named function', async () => {
8888
const response = await axios.get('/not-rewritten/stack-trace-from-named-function')
8989

90-
assert.include(response.data, '/not-rewritten-routes.ts:11:13')
90+
assert.match(response.data, /\/not-rewritten-routes\.ts:11:13/)
9191
})
9292

9393
it('should detect vulnerability in the correct location', async () => {
@@ -96,14 +96,14 @@ describe('IAST stack traces and vulnerabilities with sourcemaps', () => {
9696
await agent.assertMessageReceived(({ payload }) => {
9797
const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
9898
spans.forEach(span => {
99-
assert.property(span.meta, '_dd.iast.json')
99+
assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
100100
const iastJsonObject = JSON.parse(span.meta['_dd.iast.json'])
101101

102-
assert.isTrue(iastJsonObject.vulnerabilities.some(vulnerability => {
102+
assert.strictEqual(iastJsonObject.vulnerabilities.some(vulnerability => {
103103
return vulnerability.type === 'WEAK_HASH' &&
104104
vulnerability.location.path === 'appsec/iast-stack-traces-ts-with-sourcemaps/not-rewritten-routes.ts' &&
105105
vulnerability.location.line === 15
106-
}))
106+
}), true)
107107
})
108108
}, null, 1, true)
109109
})

integration-tests/appsec/iast.esm-security-controls.spec.js

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,10 @@
11
'use strict'
22

3+
const assert = require('node:assert/strict')
4+
35
const { sandboxCwd, useSandbox, spawnProc, FakeAgent } = require('../helpers')
46
const path = require('path')
57
const Axios = require('axios')
6-
const { assert } = require('chai')
7-
88
describe('ESM Security controls', () => {
99
let axios, cwd, appFile, agent, proc
1010

@@ -51,8 +51,8 @@ describe('ESM Security controls', () => {
5151
await agent.assertMessageReceived(({ payload }) => {
5252
const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
5353
spans.forEach(span => {
54-
assert.property(span.meta, '_dd.iast.json')
55-
assert.include(span.meta['_dd.iast.json'], '"COMMAND_INJECTION"')
54+
assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
55+
assert.match(span.meta['_dd.iast.json'], /"COMMAND_INJECTION"/)
5656
})
5757
}, null, 1, true)
5858
})
@@ -63,8 +63,8 @@ describe('ESM Security controls', () => {
6363
await agent.assertMessageReceived(({ payload }) => {
6464
const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
6565
spans.forEach(span => {
66-
assert.notProperty(span.meta, '_dd.iast.json')
67-
assert.property(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection')
66+
assert.ok(!('_dd.iast.json' in span.meta))
67+
assert.ok(Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'))
6868
})
6969
}, null, 1, true)
7070
})
@@ -75,8 +75,8 @@ describe('ESM Security controls', () => {
7575
await agent.assertMessageReceived(({ payload }) => {
7676
const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
7777
spans.forEach(span => {
78-
assert.notProperty(span.meta, '_dd.iast.json')
79-
assert.property(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection')
78+
assert.ok(!('_dd.iast.json' in span.meta))
79+
assert.ok(Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'))
8080
})
8181
}, null, 1, true)
8282
})
@@ -87,8 +87,8 @@ describe('ESM Security controls', () => {
8787
await agent.assertMessageReceived(({ payload }) => {
8888
const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
8989
spans.forEach(span => {
90-
assert.property(span.meta, '_dd.iast.json')
91-
assert.include(span.meta['_dd.iast.json'], '"COMMAND_INJECTION"')
90+
assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
91+
assert.match(span.meta['_dd.iast.json'], /"COMMAND_INJECTION"/)
9292
})
9393
}, null, 1, true)
9494
})
@@ -99,8 +99,8 @@ describe('ESM Security controls', () => {
9999
await agent.assertMessageReceived(({ payload }) => {
100100
const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
101101
spans.forEach(span => {
102-
assert.notProperty(span.meta, '_dd.iast.json')
103-
assert.property(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection')
102+
assert.ok(!('_dd.iast.json' in span.meta))
103+
assert.ok(Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'))
104104
})
105105
}, null, 1, true)
106106
})
@@ -111,8 +111,8 @@ describe('ESM Security controls', () => {
111111
await agent.assertMessageReceived(({ payload }) => {
112112
const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
113113
spans.forEach(span => {
114-
assert.notProperty(span.meta, '_dd.iast.json')
115-
assert.property(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection')
114+
assert.ok(!('_dd.iast.json' in span.meta))
115+
assert.ok(Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'))
116116
})
117117
}, null, 1, true)
118118
})

integration-tests/appsec/iast.esm.spec.js

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,10 @@
11
'use strict'
22

3+
const assert = require('node:assert/strict')
4+
35
const { sandboxCwd, useSandbox, spawnProc, FakeAgent } = require('../helpers')
46
const path = require('path')
57
const Axios = require('axios')
6-
const { assert } = require('chai')
7-
88
describe('ESM', () => {
99
let axios, cwd, appFile, agent, proc
1010

@@ -64,8 +64,8 @@ describe('ESM', () => {
6464

6565
await agent.assertMessageReceived(({ payload }) => {
6666
verifySpan(payload, span => {
67-
assert.property(span.meta, '_dd.iast.json')
68-
assert.include(span.meta['_dd.iast.json'], '"COMMAND_INJECTION"')
67+
assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
68+
assert.match(span.meta['_dd.iast.json'], /"COMMAND_INJECTION"/)
6969
})
7070
}, null, 1, true)
7171
})
@@ -75,8 +75,8 @@ describe('ESM', () => {
7575

7676
await agent.assertMessageReceived(({ payload }) => {
7777
verifySpan(payload, span => {
78-
assert.property(span.meta, '_dd.iast.json')
79-
assert.include(span.meta['_dd.iast.json'], '"COMMAND_INJECTION"')
78+
assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
79+
assert.match(span.meta['_dd.iast.json'], /"COMMAND_INJECTION"/)
8080
})
8181
}, null, 1, true)
8282
})

integration-tests/appsec/index.spec.js

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,9 @@
11
'use strict'
22

3+
const assert = require('node:assert/strict')
4+
35
const path = require('path')
46
const Axios = require('axios')
5-
const { assert } = require('chai')
67
const msgpack = require('@msgpack/msgpack')
78
const { sandboxCwd, useSandbox, FakeAgent, spawnProc } = require('../helpers')
89

@@ -49,18 +50,18 @@ describe('RASP', () => {
4950

5051
async function assertExploitDetected () {
5152
await agent.assertMessageReceived(({ headers, payload }) => {
52-
assert.property(payload[0][0].meta, '_dd.appsec.json')
53-
assert.include(payload[0][0].meta['_dd.appsec.json'], '"test-rule-id-2"')
53+
assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.appsec.json'))
54+
assert.match(payload[0][0].meta['_dd.appsec.json'], /"test-rule-id-2"/)
5455
})
5556
}
5657

5758
async function assertBodyReported (expectedBody, truncated) {
5859
await agent.assertMessageReceived(({ headers, payload }) => {
59-
assert.property(payload[0][0].meta_struct, 'http.request.body')
60+
assert.ok(Object.hasOwn(payload[0][0].meta_struct, 'http.request.body'))
6061
assert.deepStrictEqual(msgpack.decode(payload[0][0].meta_struct['http.request.body']), expectedBody)
6162

6263
if (truncated) {
63-
assert.property(payload[0][0].meta, '_dd.appsec.rasp.request_body_size.exceeded')
64+
assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.appsec.rasp.request_body_size.exceeded'))
6465
}
6566
})
6667
}
@@ -338,8 +339,8 @@ describe('RASP', () => {
338339
}
339340

340341
// not blocked
341-
assert.notEqual(response.status, 418)
342-
assert.notEqual(response.status, 403)
342+
assert.notStrictEqual(response.status, 418)
343+
assert.notStrictEqual(response.status, 403)
343344
await assertExploitDetected()
344345
})
345346
})
@@ -399,7 +400,7 @@ describe('RASP', () => {
399400
}
400401

401402
await agent.assertMessageReceived(({ headers, payload }) => {
402-
assert.notProperty(payload[0][0].meta_struct, 'http.request.body')
403+
assert.ok(!('http.request.body' in payload[0][0].meta_struct))
403404
})
404405
}
405406
})

0 commit comments

Comments
 (0)